FreeBSD: VID-3a023570-91ab-11ed-8950-001b217b3468 (CVE-2022-4167): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:C/I:N/A:N) | Jan 11, 2023 | Jan 12, 2023 | Dec 10, 2025 |
Description
Gitlab reports:

- Race condition on gitlab.com enables verified email forgery and third-party account hijacking
- DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
- Maintainer can leak sentry token by changing the configured URL
- Maintainer can leak masked webhook secrets by changing target URL of the webhook
- Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
- Group access tokens continue to work after owner loses ability to revoke them
- Users' avatar disclosure by user ID in private GitLab instances
- Arbitrary Protocol Redirection in GitLab Pages
- Regex DoS due to device-detector parsing user agents
- Regex DoS in the Submodule Url Parser
Solution
freebsd-upgrade-package-gitlab-ce